resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>" {
  provider = google-beta

  location = "us-central1"
  repository_id = "<%= ctx[:vars]['repository_id'] %>"
  description = "<%= ctx[:vars]['description'] %>"
  format = "DOCKER"
}

resource "google_service_account" "test-account" {
  provider = google-beta

  account_id   = "<%= ctx[:vars]['account_id'] %>"
  display_name = "Test Service Account"
}

resource "google_artifact_registry_repository_iam_member" "test-iam" {
  provider = google-beta

  location = google_artifact_registry_repository.<%= ctx[:primary_resource_id] %>.location
  repository = google_artifact_registry_repository.<%= ctx[:primary_resource_id] %>.name
  role   = "roles/artifactregistry.reader"
  member = "serviceAccount:${google_service_account.test-account.email}"
}
